An ActionForm class contains a field that has not been declared private, which can be accessed without using a setter or getter.
View on MITRENo mitigation information available for this CWE.
No detection method information available for this CWE.
In the following Java example the class RegistrationForm is a Struts framework ActionForm Bean that will maintain user input data from a registration webpage for a online business site. The user will enter registration data and through the Struts framework the RegistrationForm bean will maintain the user data.
However, within the RegistrationForm the member variables for the registration form input data are declared public not private. All member variables within a Struts framework ActionForm class must be declared private to prevent the member variables from being modified without using the getter and setter methods. The following example shows the member variables being declared private and getter and setter methods declared for accessing the member variables.
In the following Java example the class RegistrationForm is a Struts framework ActionForm Bean that will maintain user input data from a registration webpage for a online business site. The user will enter registration data and through the Struts framework the RegistrationForm bean will maintain the user data.
However, within the RegistrationForm the member variables for the registration form input data are declared public not private. All member variables within a Struts framework ActionForm class must be declared private to prevent the member variables from being modified without using the getter and setter methods. The following example shows the member variables being declared private and getter and setter methods declared for accessing the member variables.
No relationship information available for this CWE.
CWE-608: Struts: Non-private Field in ActionForm Class is a Common Weakness Enumeration (CWE) entry maintained by MITRE. An ActionForm class contains a field that has not been declared private, which can be accessed without using a setter or getter.
If exploited, CWE-608 (Struts: Non-private Field in ActionForm Class) it can compromise Integrity and Confidentiality, leading to outcomes such as Modify Application Data and Read Application Data.
CWE-608 commonly affects Java. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
A CWE (Common Weakness Enumeration) like CWE-608 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.